CVE-2021-24378

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execut...

CVE-2021-24377

The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...

CVE-2021-24332

The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored Cross-Site Scripting issues...

CVE-2020-24948

The aoccssimport AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution...

CVE-2022-47593

Auth. subscriber+ SQL Injection SQLi vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin = 1.6.35 versions...

PT-2024-23934 · Unknown · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize versions 2.2.11 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability. This means an attacker can potentially trick the server into making unauthorized requests, leading to...

The vulnerability of the Autoptimize plugin of the WordPress content management system, related to security mechanism errors, allows attackers to gain unauthorized access to information.

The vulnerability of the Autoptimize plugin of the WordPress content management system is related to security mechanism errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information...

CVE-2022-47593

Auth. subscriber+ SQL Injection SQLi vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin = 1.6.35 versions...

CVE-2022-47593

Auth. subscriber+ SQL Injection SQLi vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin = 1.6.35 versions...

Sql injection

Auth. subscriber+ SQL Injection SQLi vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin = 1.6.35 versions...

CVE-2022-47593

CVE-2022-47593 affects WordPress RapidLoad Power-Up for Autoptimize plugin, versions ≤ 1.6.35. The vulnerability is an SQL Injection exploitable by authenticated subscribers. Patchstack and other sources state the fix is in version 1.6.36 or later. Practical impact: unauthorized access to data vi...

PT-2023-15417 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin versions = 1.6.35 Description: The issue is related to an SQL Injection vulnerability in the RapidLoad Power-Up for Autoptimize plugin. This vulnerability can be exploited by authenticated subscribers...

CVE-2023-2113 Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users such as an administrator to inject arbitrary javascript into the admin panel, even when the unfilteredhtml capability is disabled, such as in a...

WordPress plugin Autoptimize 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

WordPress Autoptimize Plugin < 3.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Autoptimize Type Plugin Vulnerable versions 3.1.7 Fixed in 3.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2113 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 45f6a5c2bef1 Credits Juampa Rodríguez Required...

CVE-2023-1472

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

CVE-2023-1472

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

Cross site request forgery (csrf)

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions...

WordPress plugin RapidLoad Power-Up for Autoptimize 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

WordPress RapidLoad Power-Up for Autoptimize Plugin <= 1.7.1 is vulnerable to Broken Access Control

Software RapidLoad Power-Up for Autoptimize Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-1339 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID 443f715a7f8d Credits Marco...